PT-2023-20539 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Mr_Ruann

Publicado

2023-05-10

Atualizado

2024-05-17

CVE-2023-2619

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Tours & Travels Management System version 1.0

Description A critical issue was found in the system, affecting the exec function of the disapprove delete.php file. The manipulation of the id argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester Online Tours & Travels Management System version 1.0, consider restricting access to the disapprove delete.php file or disabling the exec function as a temporary workaround until a patch is available. Avoid using the id argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-2619

Produtos afetados

Sourcecodester Online Tours & Travels Management System

PT-2023-20539 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

CVE-2023-2619

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5